bi0s
  •  Home
  •  Categories
  •  Archives
  •  Tags
  •  Home
  •  Categories
  •  Archives
  •  Tags

Phantomfeed - HTB University CTF 2023

Winters
2023-12-16
Web

tl;dr

  • Leak JWT token through Race Condition.
  • Leak authorization token via an open redirect.
  • Chaining XSS & CSRF in the oauth pipeline to leak the Admin’s oauth access token.
  • RCE via CVE-2023-33733.
Read More
Race Condition HTBUniversityCTF Oauth RCE Web

Nexus Void - HTB University CTF 2023

Luc1f3r
2023-12-15
Web

tl;dr

  • Misconfiguration in JWT token validation
  • SQL Injection through JWT token
  • Insecure Deserialization in .NET leading to RCE using custom class StatusCheckHelper
Read More
Writeup HTBUniversityCTF2023 .NET Deserialization SQL Injection JWT

enCRCroach - SquareCTF 2023

APN
2023-12-04
Crypto

tl;dr

  • CTR bit-flipping attack along with CRC recomputation
Read More
SquareCTF2023

Walk Off The Earth - TPCTF 2023

Luc1f3r
2023-11-30
Web

tl;dr

  • Mutation XSS using namespace confusion
  • Parsing inconsistency in JSDOM
Read More
Writeup TPCTF mXSS

awesomenotes-1 - Hacklu CTF 2023

L0xm1
2023-10-18
Web

tl;dr

  • XSS using hx- attribute to fetch the flag from /api/note/flag.
Read More
HackluCTF

päääd - Hack.lu CTF 2023

alfin
2023-10-16
Web

tl;dr

  • meta redirect to attacker website, using the html injection in the paaad.
  • leak the unique subdomain with csp violation.
  • Another meta redirect csrf with the leaked subdomain to make the note public.
Read More
Hack.luCTF2023

Awesomenotes II - Hack.lu CTF 2023

Z_Pacifist
2023-10-16
Web

tl;dr

  • XSS + HTML sanitization library (ammonia) bypass
  • Namespace confusion in ammonia using custom allowed extra tags(math & style)
Read More
Writeup Web mXSS Hack.lu CTF 2023

0_CSP - Securinets-Quals 2023

Lu513n
2023-08-07
Web

tl;dr

  • CRLF Injection in Headed Key in Werkzeug headers.set
  • Using CRLF Injection at /?user= to Get XSS at /helloworld
  • Make the admin visit /?user=<PAYLOAD> and /helloworld using cache poison or bug in regex(uninteded)
Read More
Securinets-Quals CRLF XSS Cache-Poison

Another Secure Store Note - LINE CTF 2023

ma1f0y
2023-03-28
Web

tl;dr

  • Leak csrf token bypassing document.domain
  • visiting /profile/ will not change the nonce
  • Leak nonce using dangling markup in firefox
  • Add XSS payload using the csrf to get the flag
Read More
LINECTF2023

Vessel Cartographer - HTB CyberApocalypse 2023

retr0ds
2023-03-24
Reversing

tl;dr

  • Dynamically resolved hashed API
  • Tls_call_back based anti-debug check
  • AntiDebugFlag check implemented using ProcessInformationClass
  • AES_CBC decryption of image to find flag
Read More
Writeup HTBCA23 Reversing AES_CBC

 Previous 

4 / 19

 Next 

Official blog of team bi0s

  Projects
  •   bi0s-wargame
    (Unraveling)
  •   bi0s-wiki
    (Free Encyclopedia)
  •   InCTF
    (Nationals CTF)
  •   InCTFj
    (Juniors CTF)

Made With Love and Coffee



Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

Use Material X as theme, total visits times.